Description
A flaw was found in gnome-remote-desktop. Once gnome-remote-desktop is listening for RDP connections, an unauthenticated attacker can exhaust system resources and repeatedly crash the process. After many attacks there may also be a resource leak, which leaves gnome-remote-desktop unable to open files even after it is restarted via systemd.
Problem types
Uncontrolled Resource Consumption
Product status
0:47.3-2.el10_0 (rpm) before *
0:0.1.8-4.el8_10 (rpm) before *
0:0.1.6-9.el8_2.1 (rpm) before *
0:0.1.8-4.el8_4 (rpm) before *
0:0.1.8-4.el8_6 (rpm) before *
0:0.1.8-4.el8_8 (rpm) before *
0:40.0-11.el9_6 (rpm) before *
0:40.0-10.el9_0 (rpm) before *
0:40.0-10.el9_2 (rpm) before *
0:40.0-11.el9_4 (rpm) before *
Timeline
| 2025-05-21: | Reported to Red Hat. |
| 2025-05-21: | Made public. |
References
access.redhat.com/errata/RHSA-2025:10631 (RHSA-2025:10631)
access.redhat.com/errata/RHSA-2025:10635 (RHSA-2025:10635)
access.redhat.com/errata/RHSA-2025:10742 (RHSA-2025:10742)
access.redhat.com/errata/RHSA-2025:11403 (RHSA-2025:11403)
access.redhat.com/errata/RHSA-2025:11404 (RHSA-2025:11404)
access.redhat.com/errata/RHSA-2025:11405 (RHSA-2025:11405)
access.redhat.com/errata/RHSA-2025:11406 (RHSA-2025:11406)
access.redhat.com/errata/RHSA-2025:11407 (RHSA-2025:11407)
access.redhat.com/errata/RHSA-2025:11408 (RHSA-2025:11408)
access.redhat.com/errata/RHSA-2025:11418 (RHSA-2025:11418)
access.redhat.com/security/cve/CVE-2025-5024
bugzilla.redhat.com/show_bug.cgi?id=2367717 (RHBZ#2367717)
gitlab.gnome.org/...nome-remote-desktop/-/merge_requests/321